SolarWinds hires former Trump cyber security chief Chris Krebs

The U.S. technology company in the midst of the most important cybercrime in recent history has hired the U.S. government’s recently fired cyber security chief, Chris Krebs, to help deal with the outage.

SolarWinds, the Texas-based company whose software has been used by suspected Russian hackers to spy on governments and businesses around the world, said it had appointed Mr. Krebs as an independent consultant.

Mr Krebs was in charge of the US Cyber Security Agency until November, when he was fired on Twitter by outgoing President Donald Trump for disputing his allegations that the election was jeopardized by fraud.

He will work with his new business partner Alex Stamos, a professor at Stanford University and former head of security at Facebook, to help coordinate the company’s crisis response. The pair told the Financial Times it could take years before all the systems that have been compromised are completely safe again.

Mr Krebs said: “It has been an effort of more than one year by one of the very best, most sophisticated intelligence operations in the world.

“It was just one small part of a much larger plan that was very sophisticated, and so I would expect more companies to be compromised; more techniques we will still find ... There will be so much more written, I think, in this chapter of Russian cyber intelligence operations.”

Researchers are scrambling to determine the full extent and scope of the ongoing campaign, and some experts believe it could take years.

SolarWinds said in December that 18,000 of its customers may have been exposed to the hackers, who hijacked one of their popular software products in March. The hackers are believed to have manually selected specific targets out of the 18,000, posing as legitimate staff members in their systems to gain access to confidential information stored in the cloud.

The company is accused of not being sufficiently open about the scope or method of the attack – a criticism that Mr. Stamos tacitly admits, while praising FireEye, the cyber-security company that was itself a victim.

“FireEye was extremely transparent and it worked out very well for them. There was less of [from] the other companies involved, and that means leaking things that may or may not be true,” he said.

U.S. intelligence officials said this week that they had identified “less than ten” federal agencies that had been compromised. So far, the Departments of Trade, Energy and Justice have confirmed that they were victims. The hackers also spied on dozens of U.S. Treasury e-mail accounts and gained access to the systems used by some of the department’s top officials.

The electronic filing system used by federal courts has also been compromised, the U.S. Judiciary said Thursday.

Last week, Microsoft said in a blog post that the same hackers had access to the internal source code underlying its own software, even though they did not modify it or have access to customer data.

Pushing the hackers out of systems can be another struggle. Mr. Stamos said the attackers likely embedded hidden pieces of code that would enable them to continue snooping on agencies and companies for years to come.

“The metaphor I use is the iron rust for Belgian and French farmers in the spring,” he said. “After the rain they go to their lands and find more shells from the first world war and the second world war. This is how it’s going to be for a while.”

While Mr. Trump diminished the idea that Russian cybercriminals were responsible, and even pointed the finger at China, U.S. intelligence agencies said that the perpetrators were “probably of Russian origin.”

Mr Krebs added that there was no question in the intelligence community that the Russian foreign intelligence service, the SVR, was responsible for it.

Some in Congress have asked the U.S. to retaliate against the offender as a result, but Mr. Krebs said what was known about the attack so far falls into the category of espionage, an allegation also made by U.S. intelligence agencies.

“The U.S. has repeatedly indicated on the world stage that this kind of behavior is in fact okay, so I do not expect the U.S. to respond,” Mr Krebs said.

But he added that any escalation by the hackers should provoke a ‘dramatic’ and ‘proportionate’ response from the US government.
